Cross-Site Tracing - Protecting Businesses from a Simple Attack

Businesses and corporations are beginning to use web-based applications for their core business functions. By using these applications, organizations become more vulnerable to malicious attacks from customers, partners, internal staff members or any other outside individual interested in gaining access to their data. As organizations begin to use these applications, they also need to understand and recognize the application is not the only threat to their business but also the web server and that this needs to be taken into consideration when purchasing a web-based application. One of the newest published cross-site scripting attacks (XSS), cross-site tracing (XST) bypasses any security mechanism put into place by a developer and enables an attacker to gain access to an individual's cookies and authentication credential information via a simple client-side script. In this paper, I will discuss how easy cross-site tracing could effect an organization and how an organization can protect itself from this type of attack.